Abstract: In view of MSSQL injection attack,the research here thinks that only the active defense can become passive to be active, and then fundamentally lets SQI_ server achieve a real sense of security. hhis paper designed and developed a set of active defense software, which realizes active defense by hooking the APIs of SQL Server process through re- mote thread injection technology. After the active defense software intercepts the creation of process by SQI_ Server, it sends the process creation parameters to the honey pot for execution, and replaces the result of SQL Server with the re- ply of the honey pot. With third-party computer monitoring software, monitoring the honey pot, the system can gather the information of the attackers,and track them. The software also features port mapping. Port of the real host can be mapped to the honey pot, thereby to enhance the honey pot deceptive. When malicious attack is detected, the system provides two ways, SMS alert and F-mail alert, to inform your system administrator as soon as possible.

Key words: SQL,Active defense,Injection,Honey pot